From 114ff933b63c253f9f47e5680106a609adcd2695 Mon Sep 17 00:00:00 2001
From: creme
Date: Sun, 5 Jan 2020 14:03:14 +0000
Subject: [PATCH] update

---
 etc/init.d/S41firewall | 18 ++++++++++-
 etc/letsencrypt/renewal-hooks/deploy/envs.sh | 32 +++++++++++++++++++
 .../sites-available/matrix.envs.net.conf | 27 ++++++++++++++++
 .../sites-available/webirc.envs.net.conf | 4 +--
 etc/nginx/sites-enabled/matrix.envs.net.conf | 1 +
 5 files changed, 79 insertions(+), 3 deletions(-)
 create mode 100644 etc/nginx/sites-available/matrix.envs.net.conf
 create mode 120000 etc/nginx/sites-enabled/matrix.envs.net.conf

diff --git a/etc/init.d/S41firewall b/etc/init.d/S41firewall
index 1b63f52..41b5939 100755
--- a/etc/init.d/S41firewall
+++ b/etc/init.d/S41firewall
@@ -185,11 +185,16 @@ if [ "$1" = "start" ]; then
 $IPT -w -t nat -A PREROUTING -d 5.199.136.28 -p tcp --dport 995 -j DNAT --to-destination 192.168.1.3:995
 $IPT -w -A FORWARD -p tcp -d 192.168.1.3 --dport 995 -j ACCEPT
 #
- $IPT -w -t nat -A POSTROUTING -d 192.168.1.4 -s 192.168.1.3 -j SNAT --to 192.168.1.3
+ $IPT -w -t nat -A POSTROUTING -d 192.168.1.4 -s 192.168.1.3 -j SNAT --to 5.199.136.28
 $IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.3 -j SNAT --to 5.199.136.28
 
 # mail-lists
 # => apache2 proxy (http/https)
+ $IPT -w -t nat -A PREROUTING -s 192.168.1.3 -d 5.199.136.29 -p tcp --dport 25 -j DNAT --to-destination 192.168.1.4:25
+ $IPT -w -t nat -A PREROUTING -s 5.199.136.28 -d 5.199.136.29 -p tcp --dport 25 -j DNAT --to-destination 192.168.1.4:25
+ $IPT -w -A FORWARD -p tcp -d 192.168.1.4 --dport 25 -j ACCEPT
+ #
+ $IPT -w -t nat -A POSTROUTING -d 192.168.1.3 -s 192.168.1.4 -j SNAT --to 5.199.136.29
 $IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.4 -j SNAT --to 5.199.136.29
 
 # gitea
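Review bot: The added `$IPT -w -A FORWARD -p tcp -d 192.168.1.4 --dport 25 -j ACCEPT` carries no source match, whereas the two PREROUTING DNAT rules just above it are deliberately limited to `-s 192.168.1.3` and `-s 5.199.136.28`; if the intent is a hairpin for the mail host only, the FORWARD rule should mirror those sources (one rule with `-s 192.168.1.3`, a second with `-s 5.199.136.28`), otherwise anything else forwarded towards 192.168.1.4:25 is accepted as well. The new POSTROUTING pair between 192.168.1.3 and 192.168.1.4 also has no `-p tcp --dport 25`, so every protocol between the two containers now arrives with a public source address, which hides the real peer in the logs on both sides; narrowing it to port 25 keeps the rewrite to the mail path if nothing else relies on it. The bare `#` line in the new block is the natural place for a comment saying why the hairpin goes through the public addresses (presumably so the receiving side sees the sender under its public address). The enclosing `if [ "$1" = "start" ]` block starts and ends outside the hunk.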
@@ -206,6 +211,17 @@ if [ "$1" = "start" ]; then
 # => apache2 proxy (http/https)
 $IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.12 -j SNAT --to 89.163.145.170
 
+ # drone
+ # => apache2 proxy (http/https)
+ $IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.13 -j SNAT --to 5.199.130.141
+
+ # matrix
+ # => apache2 proxy (http/https)
+ #
+ $IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p tcp --dport 8448 -j DNAT --to-destination 192.168.1.14:8448
+ $IPT -w -A FORWARD -p tcp -d 192.168.1.14 --dport 8448 -j ACCEPT
+ $IPT -w -t nat -A POSTROUTING ! -d 192.168.1.0/24 -s 192.168.1.14 -j SNAT --to 89.163.145.170
+
 # 0x0
 # => apache2 proxy (http/https)
 $IPT -w -t nat -A PREROUTING -d 89.163.145.170 -p tcp --dport 9999 -j DNAT --to-destination 192.168.1.15:9999
diff --git a/etc/letsencrypt/renewal-hooks/deploy/envs.sh b/etc/letsencrypt/renewal-hooks/deploy/envs.sh
index 9bc8a9e..b4b2e35 100755
--- a/etc/letsencrypt/renewal-hooks/deploy/envs.sh
+++ b/etc/letsencrypt/renewal-hooks/deploy/envs.sh
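Review bot: The `# => apache2 proxy (http/https)` comment above the matrix rules is copied from the neighbouring blocks and does not describe them: the three new `$IPT` lines forward 8448 straight to 192.168.1.14 with no proxy in between, and the bare `#` beneath it says nothing. If 8448 is, as the port number suggests, the Synapse federation listener, a comment such as `# 8448 = matrix federation, DNATed straight to the container (TLS terminates inside it, not in the host proxy)` would record the exception for the next audit of this file. The same stock comment sits over the new drone block, which only adds a SNAT rule and no port forward, so it is misleading there too. The enclosing `if [ "$1" = "start" ]` block starts and ends outside the hunk.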
@@ -11,6 +11,35 @@ for domain in $RENEWED_DOMAINS; do
 cat "$RENEWED_LINEAGE/chain.pem" > "$daemon_cert_root/chain.pem"
 cat "$RENEWED_LINEAGE/fullchain.pem" > "$daemon_cert_root/fullchain.pem"
 cat /etc/ssl/certs/envs_dhparam.pem > "$daemon_cert_root/envs_dhparam.pem"
+
+ # matrix
+ matrix_dir=/var/lib/lxc/matrix/rootfs/etc/matrix-synapse
+ cp "$daemon_cert_root/privkey.pem" "$matrix_dir"/
+ cp "$daemon_cert_root/chain.pem" "$matrix_dir"/
+ cp "$daemon_cert_root/fullchain.pem" "$matrix_dir"/
+ chmod 600 "$matrix_dir"/*.pem
+ chown 108:0 "$matrix_dir"/*.pem
+ lxc-attach -n matrix -- bash -c "systemctl reload nginx ; systemctl restart matrix-synapse"
+
+ # mail
+ lxc-attach -n mail -- bash -c "systemctl reload nginx postfix dovecot"
+ # mailinglists
+ lxc-attach -n lists -- bash -c "systemctl reload nginx postfix"
+
+ # gitea
+ lxc-attach -n gitea -- bash -c "systemctl reload nginx"
+
+ # searx
+ lxc-attach -n searx -- bash -c "systemctl reload nginx"
+
+ # cryptad
+ lxc-attach -n pad -- bash -c "systemctl reload nginx"
+
+ # tt-rss
+ lxc-attach -n rss -- bash -c "systemctl restart apache2"
+
+ # privatebin
+ lxc-attach -n pb -- bash -c "systemctl restart apache2"
 ;;
 
 envs.sh)
@@ -20,6 +49,8 @@ for domain in $RENEWED_DOMAINS; do
 cat "$RENEWED_LINEAGE/chain.pem" > "$daemon_cert_root/chain.pem"
 cat "$RENEWED_LINEAGE/fullchain.pem" > "$daemon_cert_root/fullchain.pem"
 cat /etc/ssl/certs/envs_dhparam.pem > "$daemon_cert_root/envs_dhparam.pem"
+ # 0x0 / fiche
+ lxc-attach -n null -- bash -c "systemctl reload nginx"
 ;;
 
 znc.envs.net)
@@ -30,6 +61,7 @@ for domain in $RENEWED_DOMAINS; do
 cat /etc/ssl/certs/envs_dhparam.pem >> "$daemon_cert_root/znc.pem"
 chown znc "$daemon_cert_root/znc.pem"
 chmod 600 "$daemon_cert_root/znc.pem"
+ systemctl restart znc
 ;;
 
 esac
diff --git a/etc/nginx/sites-available/matrix.envs.net.conf b/etc/nginx/sites-available/matrix.envs.net.conf
new file mode 100644
index 0000000..4a6974d
--- /dev/null
+++ b/etc/nginx/sites-available/matrix.envs.net.conf
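Review bot: The private key is copied into the container with `cp` and only afterwards restricted by `chmod 600`/`chown 108:0`, so between the two commands its mode depends on the source file's mode and the umask (or, when a previous copy exists, on that file's mode); `install -m 600 -o 108 -g 0 "$daemon_cert_root/privkey.pem" "$daemon_cert_root/chain.pem" "$daemon_cert_root/fullchain.pem" "$matrix_dir"/` sets owner and mode as the files are written and replaces the five `cp`/`chmod`/`chown` lines. The numeric `108:0` deserves a comment such as `# 108 = uid of the synapse user inside the matrix container; host /etc/passwd does not apply here`, because the hook runs on the host and a wrong uid leaves synapse unable to read its key after the next renewal. None of the `cp` or `lxc-attach` calls is checked, so a stopped `matrix` container or a missing `$matrix_dir` lets the hook run on and exit successfully unless `set -e` is in force earlier in the file. The `for`/`case` enclosing this block begin before the hunk.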
@@ -0,0 +1,27 @@
+### SEARX.ENVS.NET - lxc ###
+server {
+ include snippets/listen.conf;
+# include snippets/ddos_mid.conf;
+ server_name matrix.envs.net;
+
+ return 307 https://$host$request_uri;
+}
+
+# SSL
+server {
+ include snippets/listen_ssl.conf;
+# include snippets/ddos_mid.conf;
+ server_name matrix.envs.net;
+
+ include snippets/ssl.conf;
+ include ssl/envs_net_wild.conf;
+
+ error_log /var/log/nginx/matrix.envs.net-error.log crit;
+
+ location / {
+ include proxy_params;
+ proxy_ssl_name $http_host;
+ proxy_ssl_server_name on;
+ proxy_pass https://matrix.envs.net;
+ }
+}
diff --git a/etc/nginx/sites-available/webirc.envs.net.conf b/etc/nginx/sites-available/webirc.envs.net.conf
index c9a6060..d73f92f 100644
--- a/etc/nginx/sites-available/webirc.envs.net.conf
+++ b/etc/nginx/sites-available/webirc.envs.net.conf
@@ -3,7 +3,7 @@ server {
 include snippets/listen_local.conf;
 include snippets/listen.conf;
 # include snippets/ddos_def.conf;
- server_name lounge.envs.net webirc.envs.net;
+ server_name thelounge.envs.net lounge.envs.net webirc.envs.net;
 
 return 307 https://webirc.envs.net$request_uri;
 }
@@ -11,7 +11,7 @@ server {
 include snippets/listen_local_ssl.conf;
 include snippets/listen_ssl.conf;
 # include snippets/ddos_def.conf;
- server_name lounge.envs.net webirc.envs.net;
+ server_name thelounge.envs.net lounge.envs.net webirc.envs.net;
 
 include snippets/ssl.conf;
 include ssl/envs_net_wild.conf;
diff --git a/etc/nginx/sites-enabled/matrix.envs.net.conf b/etc/nginx/sites-enabled/matrix.envs.net.conf
new file mode 120000
index 0000000..545a7f1
--- /dev/null
+++ b/etc/nginx/sites-enabled/matrix.envs.net.conf
@@ -0,0 +1 @@
+/etc/nginx/sites-available/matrix.envs.net.conf
\ No newline at end of file
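Review bot: The header `### SEARX.ENVS.NET - lxc ###` is left over from the searx vhost this file was cloned from and should read `### MATRIX.ENVS.NET - lxc ###`. `proxy_pass https://matrix.envs.net;` names the same host that `server_name` serves, so the config only works if the host's resolver (hosts file or internal DNS) maps matrix.envs.net to the container rather than to the public address nginx listens on — a comment beside the `proxy_pass` stating that dependency would save the next reader from suspecting a loop. With `proxy_ssl_server_name on` and no `proxy_ssl_verify`, nginx keeps its default and does not verify the upstream certificate; for a container on the same host that is a reasonable trade-off, but a one-line comment should say so, so the hop is not mistaken for a verified one. `error_log … crit` also suppresses upstream connection errors, which makes the proxy path hard to debug; nginx's default level `error` is the usual choice for a new vhost.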